Documentation

Guides, reference architectures, and control mappings for teams building AI systems that handle protected health data

Implementation Guide

A six-step path from use-case scoping through production deployment

01

Assess your AI use case

Pin down the clinical workflow, data types (PHI, imaging, genomics), and which regulations apply (HIPAA, FDA SaMD, state AI laws)

02

Select compliance pattern

Pick an architecture pattern that matches your regulatory profile: HIPAA-only, GxP, or FDA-regulated

03

Map security controls

Use the cross-cloud control mappings to identify the specific services you need on AWS, Azure, or GCP

04

Apply governance protocols

Set up data classification, access policies, lineage tracking, and retention rules for PHI and training data

05

Run risk assessment

Score AI-specific risks (bias, drift, adversarial inputs, hallucination) alongside standard infrastructure risks

06

Deploy via playbook

Use a deployment playbook to stand up infrastructure, run validation checks, and promote to production

Resources

Architecture Patterns

Reference architectures for HIPAA, GxP, and FDA-regulated AI workloads

  • Compliance Automation
  • Remote Patient Monitoring
  • Serverless Resilience
  • Predictive Analytics

Security Controls

AWS, Azure, and GCP service mappings for PHI protection, model security, and compliance

  • AWS → Azure → GCP equivalents
  • PHI encryption and access controls
  • AI-specific guardrails and monitoring

Governance Templates

Classification schemes, access policies, lineage tracking, and retention rules for PHI

  • PHI data classification
  • Role-based access policies
  • Audit and lineage tracking
  • Retention and lifecycle rules

Risk Worksheets

Bias scoring, clinical risk catalogs, and mitigation planning worksheets

  • Bias and fairness scoring
  • Clinical risk catalogs
  • Mitigation planning templates
  • Pre-deployment checklists
Coming soon

Implementation Playbooks

End-to-end deployment and validation guides for regulated environments

  • CI/CD for regulated infra
  • Security validation steps
  • Load and compliance testing

Glossary

Definitions of regulatory, AI/ML, cloud, and security terms used across this site

  • HIPAA, FDA, GxP terms
  • ML/LLM terminology
  • Cloud infrastructure concepts
  • Security and compliance terms